From ea2de87b1ab07b2ba05a0e186101d177104f1320 Mon Sep 17 00:00:00 2001
From: Florent Vilmart <florentvilmart@me.com>
Date: Fri, 26 Feb 2016 09:42:32 -0500
Subject: [PATCH 1/2] Improves key matching algorithm

---
 src/middlewares.js | 28 ++++++++++++++--------------
 1 file changed, 14 insertions(+), 14 deletions(-)

diff --git a/src/middlewares.js b/src/middlewares.js
index e6fcc9a992..939489d3bd 100644
--- a/src/middlewares.js
+++ b/src/middlewares.js
@@ -99,20 +99,20 @@ function handleParseHeaders(req, res, next) {
 
   // Client keys are not required in parse-server, but if any have been configured in the server, validate them
   //  to preserve original behavior.
-  var keyRequired = (req.config.clientKey
-    || req.config.javascriptKey
-    || req.config.dotNetKey
-    || req.config.restAPIKey);
-  var keyHandled = false;
-  if (keyRequired
-    && ((info.clientKey && req.config.clientKey && info.clientKey === req.config.clientKey)
-      || (info.javascriptKey && req.config.javascriptKey && info.javascriptKey === req.config.javascriptKey)
-      || (info.dotNetKey && req.config.dotNetKey && info.dotNetKey === req.config.dotNetKey)
-      || (info.restAPIKey && req.config.restAPIKey && info.restAPIKey === req.config.restAPIKey)
-    )) {
-    keyHandled = true;
-  }
-  if (keyRequired && !keyHandled) {
+  let keys = ["clientKey", "javascriptKey", "dotNetKey", "restAPIKey"];
+  
+  // We do it with mismatching keys to support no-keys config
+  var keyMismatch = keys.reduce(function(mismatch, key){
+    // check the info key
+    // increment the mismatch if different
+    if (info[key] !== req.config[key]) {
+      mismatch++;
+    }
+    return mismatch;
+  }, 0);
+  
+  // All keys mismatch
+  if (keyMismatch == keys.length) {
     return invalidRequest(req, res);
   }
 

From 4e5cc1feb0441a73a446ce032e4f32ee5dca4160 Mon Sep 17 00:00:00 2001
From: Florent Vilmart <florentvilmart@me.com>
Date: Fri, 26 Feb 2016 10:21:52 -0500
Subject: [PATCH 2/2] Fixes handing of no keys set in config

---
 src/middlewares.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/middlewares.js b/src/middlewares.js
index 939489d3bd..8acece2da4 100644
--- a/src/middlewares.js
+++ b/src/middlewares.js
@@ -103,9 +103,9 @@ function handleParseHeaders(req, res, next) {
   
   // We do it with mismatching keys to support no-keys config
   var keyMismatch = keys.reduce(function(mismatch, key){
-    // check the info key
-    // increment the mismatch if different
-    if (info[key] !== req.config[key]) {
+
+    // check if set in the config and compare
+    if (req.config[key] && info[key] !== req.config[key]) {
       mismatch++;
     }
     return mismatch;